After several months of development, I’m happy to announce the release of new major Galette 1.2.0 release!

As usual, this new version brings fixes, new features and improvements; but is also fix some security issues.

  • Add staff public pages (list and gallery)
  • PHP 8.5 compatibility
  • Fix stored XSS CVE-2025-48076 and reflected XSS CVE-2025-48884
  • Fix groups manager access bypass CVE-2025-53922 and CVE-2025-58052
  • Changes and fixes on dates
  • Rework/harmonize SQL scripts
  • Add links to relevant parts of the documentation
  • Add few parameters to customize appearance
  • Prevent main social networks to be removed on update
  • Plugins no longer require write access to their root directory to be disabled/enabled
  • Plugins can display news on dashboard

Database schema changed a lot since 1.1 series, do not forget to backup your database before upgrading!

See Galette 1.2.0 changelog for all details.

All plugins needs to be updated as well, see plugins documentation ;-)

Download Galette 1.2.0

Hope you will enjoy this release; happy Galette!